Russia's cyberinvasion of Ukraine is a failure…for now

Spread the love

 Russia’s cyberinvasion of Ukraine is a

Photo: Oleksandr Gimanov Agence France-Presse manages all the same to deprive Ukraine of important infrastructures by means of strikes. Here, cars drive through the Ukrainian city of Odessa during the blackout on December 16, 2022.

How Russia's attempted invasion of Ukraine will end is hard to predict. On the Internet, it's something else entirely. A year after the start of the conflict, the trend that emerges is that there does not seem to be any new trend.

After a year of the Russian war of aggression in Ukraine, the feared cyberwar so many specialists in the spring of 2022 trample. In fact, unless the equivalent of a nuclear bomb is still hidden in the Kremlin's cyber-military arsenal, everything indicates that Russia has already lost the Internet war.

“If we had seen big surprise attacks on the Internet, we probably would have seen them already,” said Pierre-Marc Bureau, programmer and leader of Google's Threat Analysis Group (TAG) cybersecurity team in Montreal.

More of the same

A report published at the end of last week by Google taking stock of the cyber war between Russia and the coalition now surrounding Ukraine seems to confirm the words of Pierre-Marc Bureau. A first spike in cyber attacks took place last April, in the early days of the ground invasion. A second peak was reached in the fall.

Overall, the volume of attacks against Ukraine has increased by 250% over the past year, compared to previous years. The number of attacks against NATO member countries has increased by 300%. These quickly positioned themselves in favor of Ukraine's defense, angering the Kremlin and, apparently, retaliation concentrated on the Internet.

“It was clearly part of Russian military strategy », continues Pierre-Marc Bureau. “Most of these attacks came from sources known to be affiliated with the Russian government. Some of these attacks have been particularly effective — in the case of some Ukrainian power plants or satellite networks. But overall, we did not see the damaging impact that we anticipated. »

Above all: in one year, the tools used by Russia and by the hacker groups more active since the beginning of the conflict to wage war in cyberspace have not changed. They remain the same.

“In fact, maybe that's the trend: we're going to continue to see a few more cyberattacks, of the same type that we saw before. There may not be a movement towards new cyber threats,” concludes Pierre-Marc Bureau.

“But at the same time, one cannot predict too much what the future will hold… »

Less ransomware than expected

The cyber threat analysis division, also known as Google TAG, is located in four cities around the world. The team of researchers located in Montreal normally focuses more on the analysis of cybercrime, i.e. illicit activities on the Internet that aim to produce financial gain.

Let us think in particular of ransomware attacks, which lock and render inoperative the computer system of their victim and which demand a ransom to then unlock it. A few ransomware attacks in 2021 have been wildly successful. In May 2021, the American oil pipeline network Colonial Pipeline was the victim of such an attack, which jeopardized the oil supply of certain cities in the eastern United States. The price at the pump in these areas has jumped. Motorists quickly lined up to stock up, fearing the worst.

When the Russian military crossed the Ukrainian border a year later, a widespread fear in international cybersecurity circles was that such attacks would repeatedly target the critical infrastructure of Western countries opposing to Russia.

If we had seen major surprise attacks on the Internet, we would probably have seen them already

— Pierre-Marc Bureau

What the last year's statistics published by Google TAG reveal is that this threat ultimately did not materialize. “We have not seen any noticeable increase in ransomware attacks in 2022 targeting strategic infrastructure in the United States or within NATO countries, contrary to what was expected at the start of the conflict and especially after claims were made that more would be seen,” write the authors of the Google report titled Fog of war: how the Ukraine conflict transformed the cyber threat landscape.

The emergence of fake videos

Beyond their volume, it is in the technique used to create targeted cyberattacks that the real cybermilitary lesson lies. There's no turning back on that front: propaganda services now have access to such sophisticated tools as faked voices and videos that allow them to impersonate any personality on Earth, political or otherwise, past or present.

In the early days of the Russian military's ground invasion, Ukrainian media sites were hacked to share Russian propaganda. One of the elements of this propaganda was a video of President Volodymyr Zelensky announcing that Ukraine was immediately laying down its arms.

This video was obviously fake. It was posted hours before the “real” President Zelensky appeared before the US Congress to ask for US help.

These kinds of strategies could inspire other cyberattacks in the future, thinks Google TAG. It's what its researchers call “hacktivism,” a form of online activism that dips into the tools of cybercrime to get a message across, whether true or false.

Nothing new, yet. Nothing that was not avoided or spotted by the cybersecurity already in place. Waiting for the next surprise…